Security Lapse by Microsoft Employees Exposes Internal Passwords
Microsoft is addressing a major security breach that exposed internal files and credentials to public access. Learn more about the incident and the company’s scope of exposure.
- In continuation of Microsoft’s series of data security incidents, employees accidentally exposed internal data to the public.
- The leak exposed an unprotected Azure storage server containing code, scripts, and configuration files.
Microsoft has announced that it has fixed a security breach that exposed internal company credentials and files to the open internet. The breach was first discovered by security researchers from cybersecurity firm SOC Radar. According to their report, an internal error resulted in an Azure storage server without password protection being given public access.
The exposed data was primarily related to Microsoft’s Bing search engine, including configuration files, code, and scripts that employees used to access a range of internal systems and databases. Consequently, bad actors could identify and access locations for Microsofts internal data. So far, it has not been made clear how long the data has been exposed.
The incident is the latest in a series of security-related errors at Microsoft, including several associated with its cloud offerings in recent years. In 2023, Microsoft employees accidentally exposed their own corporate network credentials on GitHub. Furthermore, China-backed hackers were able to access Microsoft-hosted email accounts of senior US government officials, owing to the theft of an internal email signing key. Russian hackers were also able to steal some of the company’s source code.
Such incidents have hurt Microsoft’s credibility among customers. Government officials have been critical of the company for its lack of accountability for such incidents. It has consequently become important for governments to collaborate with tech companies to mitigate such threats and improve transparency for the foreseeable future.
What do you think about Microsoft’s security practices? Let us know your thoughts on LinkedIn, X, or Facebook. We’d love to hear from you!
Image source: Shutterstock